1. Presented ByKeshab Nath

2. Introduction to Cyber crime Computer Crime, E-Crime, Hi-Tech Crime orElectronic Crime is where a computer is thetarget of a crime or is the means adopted tocommit a crime. Most of these crimes are not new. Criminalssimply devise different ways to undertakestandard criminal activities such as fraud,theft, blackmail, forgery, and embezzlementusing the new medium, often involving theInternet 3. Computer vulnerability Computers store huge amounts of data in smallspaces Ease of access Complexity of technology Human error One of the key elements that keeps most members ofany society honest is fear of being caught thedeterrence factor. Cyberspace changes two of thoserules. First, it offers the criminal an opportunity ofattacking his victims from the remoteness of a differentcontinent and secondly, the results of the crime are notimmediately apparent. Need new laws and upgraded technology to combatcyber crimes 4. Types of Cyber crimes Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property crimes- software piracy, copyrightinfringement, trademarks violations, theft of computersource code Email spoofing Forgery Defamation Cyber stalking (section 509 IPC) Phising Cyber terrorism 5. International initiatives Representatives from the 26 Council of Europemembers, the United States, Canada, Japan and SouthAfrica in 2001 signed a convention on cybercrime inefforts to enhance international cooperation incombating computer-based crimes.The Convention on Cybercrime, drawn up by experts ofthe Council of Europe, is designed to coordinate thesecountries policies and laws on penalties on crimes incyberspace, define the formula guaranteeing theefficient operation of the criminal and judicialauthorities, and establish an efficient mechanism forinternational cooperation. In 1997, The G-8 Ministers agreed to ten "Principles toCombat High-Tech Crime" and an "Action Plan toCombat High-Tech Crime." 6. Contd.. Main objectives- Create effective cyber crime laws Handle jurisdiction issues Cooperate in international investigations Develop acceptable practices for search andseizure Establish effective public/private sectorinteraction 7. Frequency of incidents of Cyber crimes in IndiaSource: Survey conducted by ASCL 8. Contd.. Denial of Service section 43 Virus: Section: 66, 43 Data Alteration sec 66 U/A Access Section 43 Email Abuse Sec. 67, 500, Other IPC Sections Data Theft Sec 66, 65 9. No. of Indian web-sites defaced8000 703970006000500040003000 2219200010021000441019981999 20002001 10. Number of Indian sites hacked25252015 1210 6 5 0 0 1998 19992000 2001 11. REPORTED CASES State versus Amit Pasari and Kapil Juneja Delhi Police M/s Softweb Solutions Website www.go2nextjob.com hosted Complaint of hacking by web hosting service State versus Joseph Jose Delhi Police Hoax Email - Purported planting of 6 bombs in Connaught Place State versus Aneesh Chopra Delhi Police Three company websites hacked Accused: An ex -employee State versus K R Vijayakumar Bangalore Cyber Crime Police Station, 2001 Criminal intimidation of employers and crashing the companys server Phoenix Global solutions 11 12. What is India incorporateds biggest threat? Cyber crime is now a bigger threat to India Inc thanphysical crime. In a recent survey by IBM, a greaternumber of companies (44%) listed cyber crime as abigger threat to their profitability than physical crime(31%).The cost of cyber crime stems primarily from loss ofrevenue, loss of market capitalisation, damage to thebrand, and loss of customers, in that order.About 67% local Chief Information Officers (CIOs) whotook part in the survey perceived cyber crime as morecostly, compared to the global benchmark of 50%. 13. Civil Wrongs under IT Act Chapter IX of IT Act, Section 43 Whoever without permission of owner of the computer Secures access (mere U/A access) Not necessarily through a network Downloads, copies, extracts any data Introduces or causes to be introduced any viruses or contaminant Damages or causes to be damaged any computer resource Destroy, alter, delete, add, modify or rearrange Change the format of a file Disrupts or causes disruption of any computer resource Preventing normal continuance of 14. Denies or causes denial of access by any means Denial of service attacksAssists any person to do any thing above Rogue Websites, Search Engines, Insiders providing vulnerabilitiesCharges the services availed by a person to the accountof another person by tampering or manipulating anycomputer resource Credit card frauds, Internet time theftsLiable to pay damages not exceeding Rs. One crore to theaffected partyInvestigation byADJUDICATING OFFICERPowers of a civil court 15. Section 46 IT Act Section 46 of the IT Act states that an adjudicatingofficer shall be adjudging whether a person hascommitted a contravention of any of the provisions ofthe said Act, by holding an inquiry. Principles of audialterum partum and natural justice are enshrined inthe said section which stipulates that a reasonableopportunity of making a representation shall begranted to the concerned person who is allegedto have violated the provisions of the IT Act. The saidAct stipulates that the inquiry will be carried out in themanner as prescribed by the Central Government All proceedings before him are deemed to be judicialproceedings, every Adjudicating Officer has all powersconferred on civil courts Appeal to cyber Appellate Tribunal- from decision ofController, Adjudicating Officer {section 57 IT act} 16. Section 47, IT Act Section 47 of the Act lays down that whileadjudging the quantum of compensation underthis Act, the adjudicating officer shall have dueregard to the following factors, namely- (a) the amount of gain of unfair advantage,wherever quantifiable, made as a result of thedefault;(b) the amount of loss caused to any personas a result of the default; (c) the repetitive nature of the default 17. Section 65: Source Code Most important asset of software companies Computer Source Code" means the listing ofprogrammes, computer commands, design andlayout Ingredients Knowledge or intention Concealment, destruction, alteration computer source code required to be kept or maintainedby law Punishment imprisonment up to three years and / or fine up to Rs. 2 lakh 18. Section 66: Hacking Ingredients Intention or Knowledge to cause wrongful lossor damage to the public or any person Destruction, deletion, alteration, diminishingvalue or utility or injuriously affectinginformation residing in a computer resource Punishment imprisonment up to three years, and / or fine up to Rs. 2 lakh Cognizable, Non Bailable,Section 66 covers data theft aswell as data alteration 18 19. Sec. 67. Pornography Ingredients Publishing or transmitting or causing to be published in the electronic form, Obscene material Punishment On first conviction imprisonment of either description up to five years and fine up to Rs. 1 lakh On subsequent conviction imprisonment of either description up to ten years and fine up to Rs. 2 lakh Section covers Internet Service Providers, Search engines, Pornographic websites Cognizable, Non-Bailable, JMIC/ Court of Sessions 20. Sec 69: Decryption of information Ingredients Controller issues order to Government agency to intercept any information transmitted through any computer resource. Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information-punishment upto 7 years. 21. Sec 70 Protected System Ingredients Securing unauthorised access or attempting to secure unauthorised access to protected system Acts covered by this section: Switching computer on / off Using installed software / hardware Installing software / hardware Port scanning Punishment Imprisonment up to 10 years and fine Cognizable, Non-Bailable, Court of Sessions 22. Cyber crimes punishable under various Indian laws Sending pornographic or obscene emails are punishable under Section 67 of the IT Act. An offence under this section is punishable on first conviction with imprisonment for a term,which may extend to five years and with fine,which may extend to One lakh rupees.In the event of a second or subsequent conviction the recommended punishment isimprisonment for a term, which may extend to ten years and also with fine which may extend toTwo lakh rupees. Emails that are defamatory in nature are punishable under Section 500 of the Indian PenalCode (IPC), which recommends an imprisonment of upto two years or a fine or both. Threatening emails are punishable under the provisions of the IPC pertaining to criminalintimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII) Email spoofingEmail spoofing is covered under provisions of the IPC relating tofraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII) 23. Computer Related Crimes under IPC and Special LawsSending threatening messages by email Sec 503 IPCSending defamatory messages by emailSec 499, 500 IPCForgery of electronic records Sec 463, 470, 471 IPCBogus websites, cyber fraudsSec 420 IPCEmail spoofingSec 416, 417, 463 IPCOnline sale of DrugsNDPS ActWeb-Jacking Sec. 383 IPCOnline sale of Arms Arms Act 24. Cognizability and Bailability Not mentioned in the Act Rely on Part II of Schedule I of CrPC If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non - Bailable, Magistrate of First Class If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)24 25. Power of Police to InvestigateSection 156 Cr.P.C. : Power toinvestigate cognizable offences.Section 155 Cr.P.C. : Power toinvestigate non cognizable offences.Section 91 Cr.P.C. : Summon to producedocuments.Section 160 Cr.P.C. : Summon to requireattendance of witnesses. 26. Power of Police to investigate (contd.)Section 165 Cr.P.C. : Search by police officer.Section 93 Cr.P.C : General provision as tosearch warrants.Section 47 Cr.P.C. : Search to arrest theaccused.Section 78 of IT Act, 2000 : Power toinvestigate offences-not below rank of DSP.Section 80 of IT Act, 2000 : Power of policeofficer to enter any public place and search& arrest. 27. Case Study- BPO Data Theft The recently reported case of a BankFraud in Pune in which some exemployees of BPO arm of MPhasis LtdMsourcE, defrauded US Customers of CitiBank to the tune of RS 1.5 crores hasraised concerns of many kinds includingthe role of "Data Protection". 28. Case Study (contd.) The crime was obviously committed using "Unauthorized Access" to the"Electronic Account Space" of the customers. It is therefore firmly withinthe domain of "Cyber Crimes". ITA-2000 is versatile enough to accommodate the aspects of crime notcovered by ITA-2000 but covered by other statutes since any IPC offencecommitted with the use of "Electronic Documents" can be considered as acrime with the use of a "Written Documents". "Cheating", "Conspiracy","Breach of Trust" etc are therefore applicable in the above case in additionto section in ITA-2000. Under ITA-2000 the offence is recognized both under Section 66 andSection 43. Accordingly, the persons involved are liable for imprisonmentand fine as well as a liability to pay damage to the victims to the maximumextent of Rs 1 crore per victim for which the "Adjudication Process" can beinvoked. 29. Case Study (contd.) The BPO is liable for lack of security that enabled the commission of the fraud as wellas because of the vicarious responsibility for the ex-employees involvement. Theprocess of getting the PIN number was during the tenure of the persons as"Employees" and hence the organization is responsible for the crime. Some of the persons who have assisted others in the commission of the crime eventhough they may not be directly involved as beneficiaries will also be liable underSection 43 of ITA-2000. Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicatedboth for the BPO and the Bank on the grounds of "Lack of Due Diligence". At the same time, if the crime is investigated in India under ITA-2000, then the factthat the Bank was not using digital signatures for authenticating the customerinstructions is a matter which would amount to gross negligence on the part of theBank. (However, in this particular case since the victims appear to be US Citizens andthe Bank itself is US based, the crime may come under the jurisdiction of the UScourts and not Indian Courts). 30. FIR NO 76/02 PS PARLIAMENT STREET Mrs. SONIA GANDHI RECEIVED THREATING E-MAILS E- MAIL FROM missonrevenge84@khalsa.com missionrevenge84@hotmail.com THE CASE WAS REFERRED ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS 30 31. ASLU Survey published in March 2003-Incidence of Cyber crime in India Non Reporting-causes UNAUTHORISED 60% feared negativeACCESS 19% publicity 23% did not know police equipped to handleE-MAIL ABUSE 21% cyber crimes 9% feared further cyber attacks DATA THEFT 33% 8% had no awareness of cyber laws False arrest concerns 32. Better Enforcement initiatives Mumbai Cyber lab is a joint initiative of Mumbai police andNASSCOM more exchange and coordination of this kind Suggested amendments to the IT Act,2000-new provisions for childpornography, etc More Public awareness campaigns Training of police officers to effectively combat cyber crimes More Cyber crime police cells set up across the country Effective E-surveillance Websites aid in creating awareness and encouraging reporting ofcyber crime cases. Specialised Training of forensic investigators and experts Active coordination between police and other law enforcementagencies and authorities is required. 33. REFERENCESETH ASSOCIATESADVOCATES AND LEGAL CONSULTANTSNew Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, IndiaTel:+91 (11) 55352272, +91 9868119137www.sethassociates.comCorporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R, IndiaTel: +91 (120) 4352846, +91 9810155766Fax: +91 (120) 4331304E-mail: mail@sethassociates.com www.sethassociates.com